Health Web Services

Combining the strengths of a secure, encrypted database, with the powerful hashing of blockchain, Health Web Services aims to revolutionize the healthcare industry with innovative modern technology.

Comment

Inspiration

Healthcare records are some of the most sensitive data people have, yet patients and providers still deal with fragmented systems, slow sharing, and limited transparency about who accessed what. We wanted a simple, secure way to store records, share access intentionally, and produce tamper-evident proof of storage/access—without ever putting medical data on-chain.

What it does

HWS (Health Web Services) is a full-stack app that lets you:

  • Connect a Solana wallet (Solflare) to authenticate actions.
  • Store a patient record encrypted off-chain (AES-256-CBC + random IV) via our C backend and DigitalOcean Spaces.
  • Write a Solana memo proof (hash + metadata, no PHI) for “record stored”.
  • Retrieve and decrypt the record only if your wallet is authorized (owner or allowed viewer).
  • Write a second Solana memo proof for “record accessed” and keep an audit trail (who/when/tx signature).

How we built it

Frontend (React + Vite):

  • Wallet connection via @solana/wallet-adapter-* (Solflare).
  • Canonicalizes the record payload and computes a SHA-256 hash.
  • Posts memo transactions to Solana Devnet to create verifiable proofs.
  • Talks to our backend API to store/retrieve records. Web API (Node + Express):
  • REST endpoints for store/retrieve/audit.
  • Enforces access control using wallet pubkeys (owner + allowed viewers).
  • Calls the compiled C backend binary using execFile().
  • Persists metadata/audits in a local JSON store for the demo. Backend (C + OpenSSL + cURL):
  • Encrypts/decrypts records with AES-256-CBC (random IV per record).
  • Uploads/downloads encrypted blobs to DigitalOcean Spaces (S3-compatible).
  • Produces hashes intended for integrity verification.

Challenges we ran into

  • Wallet UX + state: handling wallet connection edge cases and making “store/retrieve requires wallet” behavior consistent.
  • Cross-platform setup: getting Node → C binary execution working smoothly on Windows, plus OpenSSL/MSYS2 path issues.
  • Keeping data private: ensuring the chain only stores proofs (hash + event metadata) and never any patient record content.
  • Key management: making sure encryption keys and DO credentials stay in environment variables and never end up committed.

Accomplishments that we're proud of

  • End-to-end workflow: wallet-authenticated store → encrypted off-chain storage → authorized retrieval → on-chain audit proofs.
  • Clean separation of concerns: on-chain = proofs, off-chain = encrypted data.
  • A user-friendly interface that guides users through Connect → Store → Retrieve/Verify → Audit.
  • Security hygiene: .env is ignored and secrets are not pushed to git.

What we learned

  • How to use Solana wallets not just for “login”, but as a source of verifiable, timestamped audit proofs.
  • Practical tradeoffs between blockchain transparency and healthcare privacy.
  • The importance of stable interfaces when combining React + Node + native C components.
  • Real-world “dev friction” around environment setup and secrets management.

What's next for HWS - Health Web Services

  • Stronger verification: tighten the proof format and expand on-chain verification beyond simple memos.
  • Improved key strategy: explore per-record key wrapping / better rotation patterns (vs a single env key).
  • Better sharing + revocation UX for allowed viewers.
  • More complete audit experience: filtering, export, and direct linking to Solana explorer entries.
  • Deployment hardening: production configs, monitoring, and safer secret provisioning

Built With

Share this project:

Updates